IACR News
Here you can see all recent updates to the IACR webpage.
24 April 2018
Hyung Tae Lee, Huaxiong Wang, Kai Zhang
In this paper, we demonstrate that their scheme does not achieve the claimed security requirement by presenting an attack. Our attack algorithm is very simple: it requires only a single message/ciphertext pair, and takes one exponentiation and two bilinear map evaluations. Subsequently, we present a modification of their IBEET construction and show that it satisfies their security notion under the BDH assumption and the existence of a strong pseudorandom permutation and an existentially unforgeable message authentication code in the random oracle model. We remark that our modification has better efficiency than the original construction.
Shashank Agrawal, Shweta Agrawal, Manoj Prabhakaran
Our contributions are threefold.
Firstly, we develop a comprehensive security definition for PKE in the real/ideal paradigm. Our definition subsumes CCA2 security, Anonymity and Robustness as special cases, and also addresses security concerns in complex application scenarios where the keys may be malicious (without having to explicitly model the underlying attack scenarios). To avoid impossibility results associated with simulation-based security, we use the notion of indistinguishability-preserving security (IND-PRE) from the Cryptographic Agents framework (Agrawal et al., EUROCRYPT 2015). Towards this, we extend this framework to accommodate adversarially created objects. Our definition can alternatively be interpreted as the union of all possible game-based security definitions. We remark that the agents framework as extended in this work is applicable to primitives other than Public-Key Encryption, and would be of broader significance.
Secondly, and somewhat surprisingly, we show that in the case of PKE, the above comprehensive definition is implied by a simpler definition (which we call COA security) that combines a traditional game-based definition with a set of consistency requirements. The proof of this implication relies on an extensive analysis of all possible executions involving arbitrarily many keys and ciphertexts, generated, transferred between parties and used in an arbitrary and adaptive manner.
Thirdly, we consider constructions. Interestingly, using the above security definition, we show that the Cramer-Shoup cryptosystem (with minor modifications) already meets our definition. Further, we present transformations from any Anonymous CCA2-secure PKE scheme to a COA-secure PKE. Under mild correctness conditions on the Anonymous CCA2-secure PKE scheme, our transformation can be instantiated quite efficiently and is arguably a viable enhancement for PKE schemes used in practice.
Alejandro Cabrera Aldaya, Cesar Pereida García, Luis Manuel Alvarez Tapia, Billy Bob Brumley
In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal.
Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state.
Exploiting one of these leaks, we design, implement, and mount a single trace cache-timing attack on the GCD computation step. We overcome several hurdles in the process, including but not limited to:
(1) granularity issues due to word-size operands to the GCD function;
(2) bulk processing of desynchronized trace data;
(3) non-trivial error rate during information extraction; and
(4) limited high-confidence information on the modulus factors.
Formulating lattice problem instances after obtaining and processing this limited information, our attack achieves roughly a 28 % success rate for key recovery using the empirical data from roughly 10K trials.
Barcelona, Catalonia, 6 September - 7 September 2018
Submission deadline: 18 June 2018
University of Luxembourg
- Applied Cryptography (SK or PK)
- Crypto-currencies, smart-contracts, financial cryptography
- Privacy enhancing technologies
- Distributed consensus protocols
- Cybersecurity
We offer:
You will work in an exciting international environment and will carry out leading-edge research in these hot research areas. Luxembourg's financial center is one of the largest in Europe, and our team is part of the Security and Trust (SnT) research center (>200 people researching all aspects of IT security). The University offers highly competitive salaries (about 34,000 euro/year gross + benefits) and is an equal opportunity employer.
Applications, written in English, should be submitted by e-mail and will be considered on receipt; therefore, applying before the deadline is highly encouraged.
Closing date for applications: 31 May 2018
Contact: Prof. Alex Biryukov
More information: https://www.cryptolux.org/index.php/Vacancies
21 April 2018
Lille, France, 29 October - 31 October 2018
Submission deadline: 8 June 2018
Notification: 20 July 2018
Carnegie Mellon University, PA, USA
Closing date for applications: 1 November 2018
Contact: Please contact Vipul Goyal at vipul (at) cmu.edu
More information: http://www.cs.cmu.edu/~goyal/
20 April 2018
Institute of Science and Technology Austria (IST Austria)
The candidates should have a strong record in cryptography, witnessed by publications at top cryptography (Crypto, Eurocrypt, TCC, ...) and/or security conferences (CCS, S&P, ...). Current topics investigated in our group include
- Sustainable Blockchains
- Memory-Hard Functions
- Leakage-Resilient Cryptography
- Lattice-Based Cryptography
- Adaptive Security
- Pseudoentropy
The post-doctoral position is provided for up to four years with a very competitive salary. The starting dates are flexible. There is no fixed deadline; applications will be considered until the position is filled.
Applications should include a CV and a statement of research experience and interests. Please send applications to Krzysztof Pietrzak.
Closing date for applications: 1 September 2018
Contact: Krzysztof Pietrzak pietrzak (at) ist.ac.at
More information: http://pub.ist.ac.at/crypto/
19 April 2018
Norwegian University of Science and Technology (NTNU)
The current cryptography group at NTNU works mostly in cryptographic protocol analysis and cryptographic primitives design, with significant applied work in electronic voting. The goal is either to strengthen existing research activities in cryptographic protocol analysis or contribute to complementary areas, such as secure multiparty computation or cryptographic applications of computational number theory/algebraic geometry.
This position is one out of nine strategic professorships announced simultaneously at NTNU. There is also a position in Secure Systems Engineering for which cryptographers may apply.
Closing date for applications: 1 June 2018
Contact: Kristian Gjøsteen, kristian.gjosteen (at) ntnu.no, +47 73 55 02 42
More information: https://www.ntnu.edu/positions-ie
Iasi, Romania, 20 September - 21 September 2018
Submission deadline: 27 May 2018
Notification: 15 July 2018
18 April 2018
Ahmad Ahmadi, Reihaneh Safavi-Naini
Ahmad Ahmadi, Reihaneh Safavi-Naini, Mamunur Akand
T-H. Hubert Chan, Kartik Nayak, Elaine Shi
Ariel Hamlin, Rafail Ostrovsky, Mor Weiss, Daniel Wichs
PANDA simultaneously combines aspects of Private Information Retrieval (PIR) and Oblivious RAM (ORAM). PIR has no initial setup, and allows anybody to privately and anonymously access a public database, but the server's run-time is linear in the data size. On the other hand, ORAM achieves poly-logarithmic server run-time, but requires an initial setup after which only a single client with a secret key can access the database. The goal of PANDA is to get the best of both worlds: allow many clients to privately and anonymously access the database as in PIR, while having an efficient server as in ORAM.
In this work, we construct bounded-collusion PANDA schemes, where the efficiency scales linearly with a bound on the number of corrupted clients that can collude with the server, but is otherwise poly-logarithmic in the data size and the total number of clients. Our solution relies on standard assumptions, namely the existence of fully homomorphic encryption, and combines techniques from both PIR and ORAM. We also extend PANDA to settings where clients can write to the database.
Marc Fischlin, Christian Janson, Sogol Mazaheri
Security of many cryptographic tasks, such as digital signatures, pseudorandom generation, and password protection, crucially relies on the security of hash functions. In this work, we consider the question of how backdoors can endanger the security of hash functions and, especially, if and how we can thwart such backdoors. We particularly focus on immunizing arbitrarily backdoored versions of HMAC (RFC 2104) and the hash-based key derivation function HKDF (RFC 5869), which are widely deployed in critical protocols such as TLS. We give evidence that the weak pseudorandomness property of the compression function in the hash function is in fact robust against backdooring. This positive result allows us to build a backdoor-resistant pseudorandom function, i.e., a variant of HMAC, and we show that HKDF can be immunized against backdoors at little cost. Unfortunately, we also argue that safeguarding unkeyed hash functions against backdoors is presumably hard.
Zheng Yang, Yu Chen, Song Luo
Yilei Chen, Vinod Vaikuntanathan, Hoeteck Wee
Our main results are as follows:
- Proofs. We present new constructions of private constrained PRFs and lockable obfuscation, for constraints (resp. functions to be obfuscated) that are computable by general branching programs. Our constructions are secure under LWE with subexponential approximation factors. Previous constructions of this kind crucially rely on the permutation structure of the underlying branching programs. Using general branching programs allows us to obtain more efficient constructions for certain classes of constraints (resp. functions), while posing new challenges in the proof, which we overcome using new proof techniques.
- Attacks. We extend the previous attacks on indistinguishability obfuscation (iO) candidates that use GGH15 encodings. The new attack simply uses the rank of a matrix as the distinguisher, so we call it a "rank attack". The rank attack breaks, among others, the iO candidate for general read-once branching programs by Halevi, Halevi, Shoup and Stephens-Davidowitz (CCS 2017).
- Candidates. Drawing upon insights from our proofs and attacks, we present simple candidates for witness encryption and iO that resist the existing attacks, using GGH15 encodings. Our candidate for witness encryption crucially exploits the fact that formulas in conjunctive normal form (CNFs) can be represented by general, read-once branching programs.
Christina-Angeliki Toli, Abdelrahaman Aly, Bart Preneel
Yansong Gao, Chenglu Jin, Jeeson Kim, Hussein Nili, Xiaolin Xu, Wayne Burleson, Omid Kavehei, Marten van Dijk, Damith C. Ranasinghe, Ulrich Rührmair
In this paper, we introduce two practical implementations of erasable PUFs. Firstly, we propose a full-fledged logical version of an erasable PUF, called programmable logically erasable PUF or PLayPUF, where an additional constant-size trusted computing base keeps track of the usage of every single CRP. Knowing the query history of each CRP, a PLayPUF interface can automatically erase an individual CRP if it has been used a certain number of times. This threshold can be programmed a priori to limit the usage of a given challenge in the future before erasure.
Secondly, we introduce two nanotechnological, memristor-based solutions: mrSHIC-PUFs and erasable mrSPUFs. The mrSHIC-PUF is a weak PUF in terms of the size of its CRP space, and therefore its readout speed has to be limited intentionally to prolong the time needed for exhaustive reading. However, each individual response can be physically altered and erased for good. The erasable mrSPUF, as the second proposed physical erasable PUF, is a strong PUF in terms of the size of its CRP space, such that no limit on readout speed is needed, but it can only erase/alter CRPs in groups. Both physical erasable PUFs improve over the state-of-the-art erasable SHIC PUF, which does not offer reconfigurability of erased CRPs, making the erasable SHIC PUF less practical.
In passing, we contextualize and locate our new PUF type in the existing landscape, illustrating its essential advantages over variants like reconfigurable PUFs.